Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/_ALvuaozwP6lMTQu6clKPFmy_Ys.roa
File:                     _ALvuaozwP6lMTQu6clKPFmy_Ys.roa (raw, json)
Hash identifier:          jHyLnfmLHv7UYzgICWl7LzDAXVEAjo0RcQP6KRfpAig=
Subject key identifier:   FC:02:EF:B9:AA:33:C0:FE:A5:31:34:2E:E9:C9:4A:3C:59:B2:FD:8B
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB668BAF63F82DF9614873F4DA9575
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/_ALvuaozwP6lMTQu6clKPFmy_Ys.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58033
IP address blocks:        45.135.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:66:8b:af:63:f8:2d:f9:61:48:73:f4:da:95:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc02efb9aa33c0fea531342ee9c94a3c59b2fd8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a0:90:7b:2a:ec:71:fd:ed:b9:2a:6b:79:94:
                    77:79:e8:32:0c:0d:78:7e:41:ab:93:67:8f:2e:cb:
                    29:d2:45:49:b5:70:69:0a:b9:31:e5:63:8f:69:74:
                    5f:72:50:dd:08:5e:58:08:4a:cf:79:db:13:74:98:
                    3e:8c:a7:80:6a:fa:b3:81:7c:69:99:d2:b7:6b:7a:
                    00:7f:1b:6b:31:a5:c7:d3:b1:dc:f9:f3:8a:e2:da:
                    eb:b1:a6:95:4f:06:68:30:e6:84:79:8c:4b:85:c6:
                    e4:a1:f7:6b:2b:77:8d:40:07:ed:e0:85:11:76:07:
                    bf:8d:50:21:a2:1b:7f:2c:e6:1b:61:8a:7e:58:ab:
                    3f:f0:0e:54:b0:ec:3a:a8:2c:df:19:32:2b:eb:d7:
                    f5:4c:a4:6e:13:19:1f:6a:12:a9:76:49:4c:2a:f8:
                    4e:f5:f2:ff:b5:34:d9:5d:ba:74:df:06:59:78:f1:
                    74:a9:7d:70:a4:d3:f5:3e:c8:fc:43:00:f9:7b:71:
                    80:2b:f1:44:3e:59:8c:47:d6:6e:44:4a:43:6e:b2:
                    a3:7e:62:9e:b6:d4:54:cc:11:84:a0:a2:c8:b4:b2:
                    9c:8f:ac:b9:ec:1b:4c:2a:e5:49:3e:88:38:0c:13:
                    25:f6:5c:e0:1b:a8:77:70:64:68:66:78:56:78:bd:
                    08:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:02:EF:B9:AA:33:C0:FE:A5:31:34:2E:E9:C9:4A:3C:59:B2:FD:8B
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/_ALvuaozwP6lMTQu6clKPFmy_Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a2:6b:3e:8e:05:06:6a:3b:1d:7e:59:97:73:fd:bd:45:67:
         4f:df:11:29:56:62:19:e9:de:ce:3d:a0:a1:24:63:3c:94:6e:
         b1:01:60:36:24:bd:a7:b8:ed:b2:e4:d9:8b:00:47:fc:2d:19:
         b1:7c:74:f2:24:5a:f6:cc:93:5f:da:53:e3:1f:fc:a9:c7:96:
         ad:70:c9:64:1c:e4:5a:f4:60:ac:95:59:72:a3:a5:40:59:0d:
         17:d8:5c:14:bd:c7:b9:c2:70:60:ab:ec:7f:ea:02:29:0c:d5:
         68:3e:b4:c3:f7:21:96:96:4c:d1:b0:95:b3:11:24:5e:6e:ae:
         0a:7d:40:05:7e:e3:9c:61:f9:79:ec:66:69:51:66:5f:02:aa:
         56:09:ed:fe:3e:0b:16:6c:98:c2:45:bf:dd:55:f4:68:ba:1d:
         50:fb:4e:87:46:cb:2f:14:81:15:be:a2:3f:8e:42:8d:0f:1a:
         ae:fa:08:00:e2:f3:5d:fc:11:30:4f:8a:e6:53:ab:b7:d2:81:
         93:db:ce:c7:2c:7d:1d:83:4c:7e:8d:28:2b:a9:76:dd:e5:c0:
         9b:b8:71:67:37:eb:b2:16:d0:e8:94:59:64:ae:bb:53:e9:c5:
         6e:29:6a:eb:31:6c:c9:92:45:a6:99:08:89:9d:7c:df:c9:c9:
         32:e7:43:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22aLr2P4LflhSHP02pV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzAyZWZiOWFhMzNjMGZlYTUzMTM0MmVlOWM5NGEzYzU5YjJmZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqCQeyrscf3tuSpreZR3eegyDA14
fkGrk2ePLssp0kVJtXBpCrkx5WOPaXRfclDdCF5YCErPedsTdJg+jKeAavqzgXxp
mdK3a3oAfxtrMaXH07Hc+fOK4trrsaaVTwZoMOaEeYxLhcbkofdrK3eNQAft4IUR
dge/jVAhoht/LOYbYYp+WKs/8A5UsOw6qCzfGTIr69f1TKRuExkfahKpdklMKvhO
9fL/tTTZXbp03wZZePF0qX1wpNP1Psj8QwD5e3GAK/FEPlmMR9ZuREpDbrKjfmKe
ttRUzBGEoKLItLKcj6y57BtMKuVJPog4DBMl9lzgG6h3cGRoZnhWeL0IlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwC77mqM8D+pTE0LunJSjxZsv2LMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvX0FMdnVhb3p3UDZsTVRRdTZjbEtQRm15X1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeFMA0G
CSqGSIb3DQEBCwUAA4IBAQB9oms+jgUGajsdflmXc/29RWdP3xEpVmIZ6d7OPaCh
JGM8lG6xAWA2JL2nuO2y5NmLAEf8LRmxfHTyJFr2zJNf2lPjH/ypx5atcMlkHORa
9GCslVlyo6VAWQ0X2FwUvce5wnBgq+x/6gIpDNVoPrTD9yGWlkzRsJWzESRebq4K
fUAFfuOcYfl57GZpUWZfAqpWCe3+PgsWbJjCRb/dVfRouh1Q+06HRssvFIEVvqI/
jkKNDxqu+ggA4vNd/BEwT4rmU6u30oGT287HLH0dg0x+jSgrqXbd5cCbuHFnN+uy
FtDolFlkrrtT6cVuKWrrMWzJkkWmmQiJnXzfycky50OA
-----END CERTIFICATE-----